[ogsa-hpcp-wg] File staging extension

[Steven Newhouse]

A little more broadly, I am concerned that someone could semi-legitimately
accuse the HPC Profile effort of "mandating insecurity".

We're mandating in HPCBP that over an open network plain text username and passwords are passed over SSL. We're demonstrating a proof of concept that using 'movement protocols' such as ftp, http, ... can be integrated into the HPCBP by passing in a credential from the client. This IMHO is the goal of the normative extensions.

The set of credentials that we mandate that we support and the movement protocols that they access is effectively a profile ontop of this normative extensions. If your HPCBP endpoint is only going to go to files within your network (because by policy you do not allow external FTP traffic through your firewall) then use of FTP may not be a major concern. Other deployments going cross-enterprise in their file access may require that certain protocols are only used.

Basically I think we have three phases:
1. Proof of concept for SC07 to drive further development of the extensions.
2. Developing normative extensions that are fairly flexible in terms of the things moved and the tokens used to authenticate access to the things being moved.
3. Concrete profiles defining the protocols and the credentials. This set may be very different in different domains, e-science (GridFTP & certificates), commerce (ftp & username/password) for example.

2 & 3 I think this is something we can really discuss post SC07. For now we need to KISS* and together be happy with an answer to 1!

Steven

KISS = Keep It Simple Stupid (This is a generic working group stupid - not a person specific stupid in this email thread!)